honggfuzz – general-purpose fuzzer

honggfuzz is a general-purpose, easy-to-use fuzzer that supplies and modifies input to a test program and utilize the ptrace() API/POSIX signal interface to detect and log crashes. some of the features:

  1. Easy setup: No complicated configuration files or setup necessary — Hongfuzz can be run directly from the command line.
  2. Fast: Multiple Hongfuzz instances can be run simultaneously for more efficient fuzzing.
  3. Powerful analysis capabilities: Hongfuzz will use the most powerful process state analysis (e.g. ptrace) interface under a given OS.

The tool have been used in the past to uncover some security vulnerabilities including CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2527,   Multiple bugs in the libtiff library, Multiple bugs in the librsvg library, Multiple bugs in the poppler library, Multiple exploitable bugs in IDA-Pro.

You can find more information and how to use honggfuzz utility over this link: https://code.google.com/p/honggfuzz/

Notify of
Inline Feedbacks
View all comments